DEPARTMENT OF FINANCE & MANAGEMENT http://finance.vermont.gov/ Self-Assessment of Internal Control Fiscal Year 2017 April 2017
DEPARTMENT OF FINANCE & MANAGEMENT http://finance.vermont.gov/
Self-Assessment of
Internal Control
Fiscal Year 2017
April 2017
Department of Finance & Management FY 2017 Self-Assessment of Internal Control
Table of Contents
Page
Commissioner’s Message…………………………………………. 3
Mission Statement and References……………………………… 4
Internal Control Overview………………………………………….. 5
Questionnaire Instructions………………………………………… 6 – 7
Self-Assessment Questionnaire:
Procurement & Accounts Payable……………………….. 8 – 14
Accounts Receivable & Cash Receipts…………………. 15 – 16
Fixed Assets………………………………………………….. 17
Inventory…………………………………………................... 18
Grants Administration...……………………………………. 19
Budgeting…………………………………………………….. 20
General Elements……………………………………………. 21 – 23
Certification Form………………………………………………….... 24
Page 2 of 24
..
State ofVermont Agency of Administration
Andrew Pallito, Commissioner
Department of Finance & Management 109 State Street, Pavilion Building Montpelier, vr 05609-0401
[phone] 802-828-2376 [fax] 802-828-2428
finance.vermont.gov
To:
From:
Date:
Subject:
· Secretaries, Commissioners, Elected Officials, and Deputies
Andy Pallito, Commissioner O(} jJJ:,April 2017 / 1
FY 2017 Self-Assessment of Internal Control
Let me begin by welcoming all new members of the Executive Branch and I look forward to working with all of you on
Governor Scott's priorities to grow the state's economy, make Vermont more affordable, protect the most vulnerable,
and restore faith and trust in government. As chief executives, we are accountable for ensuring the resources
entrusted to us are used effectively, efficiently and adequately safeguarded against fraud, waste and abuse; a key
component to meeting this objective is through strong internal controls. Next week my office will be issuing the FY
2017 Self-Assessment of Internal Control to your business offices for completion by May 8, 2017. For many, this will
be your first exposure to the Self-Assessment but in now its 13th year this should be an established process within your
organization. The Self-Assessment questionnaire provides departments with a management tool to review, assess and
document current control practices, identify potential areas of risk or non-compliance, and ultimately be a catalyst for
strengthening each departments' internal control system.
How can you help? The overall effectiveness of il)ternal control, including the self-assessment, is greatly influenced by
our collective leadership, attitude and commitment to it. Setting the proper tone begins with managers at all levels
demonstrating their unwavering support of internal controls through their words and actions, and by motivating and
guiding employees to produce high-quality work, meet deadlines, adhere to prescribed policies and procedures, timely
communicate information to those that need it, promptly resolve errors or problems, and protect the State's assets
from fraud, waste or abuse. Additional information on internal controls, including a Standards Guide for Managers,
can be found on Finance & Management's website at: http://finance.vermont.gov/policies-and-procedures/internal
controls.
I'm fortunate to have worked with so many dedicated employees and I prescribe to the viewpoint that our staffs want
to do the right thing, be successful, and take pride in the quality of their work. I recognize many business offices
already feel stretched thin (in terms of what's expected of them), but I believe the time spent completing the self
assessment pays dividends down the road. When operational errors and breakdowns occur, they can be significant,
time-consuming, costly, and demoralizing disruptions, that pull resources away from our core missions. An objective of
the self-assessment is to minimize those undesired events through informed, competent staff and robust internal
controls, and when that happens, then the better outcomes we can achieve within our departments and as a State.
I ask for your support in endorsing the Self-Assessment of Internal Control within your department and ensuring that
the questionnaire responses are a valid representation of your operations. The responsibility for certifying the Self
Assessment resides solely with the appointing authority and cannot be delegated to deputies or other positions. Please
ensure the questionnaire is completed, reviewed, certified and returned to the Department of Finance & Management
by no later than May 8, 2017, thank you.
Page 3 of 24
FY 2017 Self-Assessment of Internal Control
Mission Statement
The mission of the Internal Control Section is to provide State agencies and departments the objective resources,
guidance and recommendations to improve the State’s financial operations and system integrity. Through a
combined effort of evaluation, communication, cooperation and education, we will work toward improving
operational efficiency, enhancing internal controls and ensuring compliance with published bulletins, policies and
procedures.
References & Acknowledgements
The Vermont Department of Finance & Management would like to credit the Committee of Sponsoring
Organizations of the Treadway Commission (COSO) and various State governments and institutions of higher
learning for portions of the material contained in this document.
Page 4 of 24
FY 2017 Self-Assessment of Internal Control
Internal Control Overview
Definition: Internal Control is a process integrating the activities, plans, attitudes, policies, and efforts of the people
of a department working together to provide reasonable assurance that the department will achieve its objectives
in the following categories:
• Operations - Effectiveness and efficiency of operations, including operational and financial performance goals, and safeguarding assets against loss;
• Reporting – Reliable and timely internal and external financial and non-financial reporting;
• Compliance – Adherence to applicable laws and regulations.
Fundamental Concepts of Internal Control:
• Geared towards the achievement of objectives, affecting every aspect of a department…its people, processes and infrastructure
• People-dependent, effectiveness based upon the action, attention and attitude of people at every level of the department
• Cost-effective and adaptable to each department’s operating environment(s)
• Process consisting of ongoing tasks and activities woven into the day-to-day activities and responsibilities of managers and staff – a means to an end, not an end in itself
• Provides reasonable assurance regarding the achievement of objectives, but not absolute assurance
COSO’s Five Interrelated Components:
Control Environment: The control environment sets the tone of the department and influences the effectiveness
of internal controls. Control environment factors include the ethical values and integrity of the people,
management’s philosophy and operating style, a commitment to competence, and the organizational structure of
the department.
Risk Assessment: Risk assessment is the identification, analysis, and management of risks relevant to the
achievement of the department’s goals and objectives. Risks include internal and external events or circumstances
that may occur and adversely affect the department’s operations.
Control Activities: Control activities are the policies, procedures, and practices that help ensure management
directives are carried out. Control activities help identify, prevent or reduce the risks that can impede
accomplishment of the department's objectives. They include a range of activities as diverse as approvals,
authorizations, separation of duties, documentation, reconciliations, supervision, and safeguarding of assets.
Information and Communication: Pertinent information must be identified, captured and communicated in a
form and timeframe that enables people to carry out their responsibilities. Effective communication also must occur
in a broader sense, flowing down, across and up the department.
Monitoring: Internal controls systems need to be monitored to assess the quality of the system’s performance
over time. Monitoring occurs during the course of normal operations and through separate evaluations and includes
review of the department’s activities, systems, and transactions to determine whether controls are effective.
❖ For more information refer to the following publication on the Dept. of Finance & Management’s website: Internal Control Standards: A Guide for Managers.
Page 5 of 24
FY 2017 Self-Assessment of Internal Control
Questionnaire Instructions
The Self-Assessment of Internal Control Questionnaire is a review of the internal policies and procedures in each
department. The questionnaire is designed to help you identify risk and eliminate considerations of risk that do not
apply to your department. The questionnaire serves as management tool for your department in evaluating how well
risks are being addressed through current control policies and practices. It is designed to raise awareness of certain
issues and encourage further analysis and discussion. The questionnaire will also help the Department of Finance &
Management identify best practices to share with departments.
The questionnaire may be completed either in PDF (fillable form) or Excel with an option for the Appointing Authority
to electronically certify and submit via email. If electronic certification (Excel or PDF) is used, (1) the box on the
certification form must be checked and (2) the file must be submitted directly from the appointing authority’s email
account. [Note: Email submissions from delegates (re: On Behalf of) are not permitted.]
❖ IMPORTANT: The certification (signature or electronic) must be completed by the Appointing
Authority (i.e., Secretary, Commissioner) and cannot be delegated to Deputies or other positions.
The Department of Finance & Management requires that the questionnaire be completed, certified by the appointing
authority, and returned by Monday, May 8, 2017 to:
Kevin Gilman Email: [email protected] Dept of Finance & Management Financial Operations Division – 4th Floor 109 State Street, Montpelier, VT 05609-5901
The questionnaire consists of 7 sections and 212 questions; not all sections will be applicable to every department:
1. Procurement and Accounts Payable - 91 questions
▪ Purchasing activities, invoice processing, petty cash, and employee payroll & expenses.
Note: Net increase of 5 questions…7 added (2 for Purchasing and 5 for Employee Payroll & Expenses) and 2 removed (1 each from Purchasing and Employee Payroll & Expenses)
2. Accounts Receivable and Cash Receipts - 30 questions
▪ Treatment of revenue and amounts owed the State, the handling of cash receipts (currency & checks), and the management of external bank accounts.
3. Fixed Assets - 18 questions
▪ Management and accounting treatment of fixed assets.
4. Inventory - 9 questions
▪ Control and tracking of significant inventories; does not apply to items such as office supplies, computers, or fixed assets.
5. Grants Administration - 10 questions
▪ Compliance issues pertaining to grants and AOA Bulletin 5: Policy for Grant Issuance & Monitoring.
6. Budgeting – 6 questions
▪ Best practices pertaining to the budget process.
Page 6 of 24
Self-Assessment Instructions
7. General Elements of Internal Control* – 48 questions
▪ Five interrelated components of internal control as identified by the COSO model: Control Environment– Risk Assessment – Control Activities – Communication & Information systems – Monitoring.
Note: 1 new question for Control Activities
* This section should be answered from a department-wide perspective.
In completing this questionnaire we expect you to consult with other members of your department in order to
provide as comprehensive and accurate responses as possible. Responses should be based upon current practices,
not on what the department thinks the answer should be, and not on what the department intends to implement in
the future. For the purpose of this questionnaire, “Department” means any discrete agency, department, office,
board or other administrative unit with a designated general ledger business unit number. We strongly recommend
a single unified response for each department. However, if there are smaller discernable areas within your
organization with separate and distinct operations, you may complete multiple questionnaires as appropriate; please
identify those discernable areas on each response.
Questions are phrased so that a “YES” answer indicates a control strength and “NO” answer indicates a possible
weakness. It is not expected that a questionnaire will have all “YES” answers even if internal controls are adequately
addressed. Answering many of the questions will require professional judgment and we recognize that a “YES”
answer does not imply absolute assurance. Following are some guidelines to keep in mind when completing the
questionnaire:
• Please try to limit the response of “N/A” to only those questions that are clearly not applicable to your
department; just because the control activity referenced in the question is not in place in your department,
does not necessarily signify that the question is not applicable.
• For questions that pose “Does the department have written procedures…” only respond “YES” where there
are department specific written procedures; do not answer “YES” if you are only referring to a statewide
policy (e.g., F&M Policies, VISION Procedures, AOA Administrative Bulletins, etc.).
• To assist departments with completing the questionnaire, hyperlinks have been added to many questions to
facilitate review of referenced documents or websites.
• In responding to the questions we recommend using the following criteria:
YES: When the issue addressed is widely in place throughout your department.
NO: When the issue addressed is not in place or only in a very limited scope.
NA: Use only when the issue addressed is “not applicable” to your department.
Note: Questions answered “YES” and “NO” will be marked “NO” for compilation & scoring purposes.
If you have any questions regarding this Self-Assessment questionnaire, please contact the following individuals at
the Department of Finance & Management:
Kevin Gilman, VISION Operations Analyst IV;
e-mail: [email protected]
Andy Pallito, Commissioner;
e-mail: [email protected]
Page 7 of 24
If completing in Excel, use the drop-down box in the appropriate column to select/change your response.
YES NO NA Section 1: Procurement & Accounts Payable
Purchasing
1
Does the department have written procedures regarding the initiation, review, and
approval of all purchases (goods & services)? [Note: Procedures should address the
entire purchasing cycle including the front-end steps to initiate and authorize a purchase, as well as
invoice processing after the purchase has been made.]
2Are procedures established to identify, before funds are committed, costs and
expenditures not allowable under federal/state grant programs?
3
When making purchasing decisions does the department rely on the guidance
provided by the BGS-Office of Purchasing & Contracting's Buyers Resource
Guide to help ensure compliance with applicable laws and administrative
requirements?
4
Before executing a contract, does the department obtain all required prior
approvals as stated in AOA Bulletin #3.5: Procurement and Contracting
Procedures?
5
Are all departmental contracts, regardless of amount, entered in VISION in
accordance with Bulletin #3.5 (unless exempted by the dept's contracting plan
approved by the Secretary of Administration )?
6
For each departmental contract, does the department maintain an up-to-date
contract file that includes all documents required by Bulletin #3.5 and that is
retained for a minimum of three years after the expiration of the contract?
7
Before executing a contract or contract amendment, does the department ensure
that the then current version of Attachment C (Standard State Provisions) is used
as required in AOA Bulletin #3.5?
8
When acquiring goods or services, does the department initially determine
whether the items are available through a statewide contract or, if not, are they
covered under a blanket delegation of authority (BDA)? Note: Statewide contracts & BDAs are issued by BGS-Office of Purchasing & Contracting
9
When items to be purchased are available through a statewide contract, does the
department always utilize the statewide contract (unless otherwise approved by
the Office of Purchasing & Contracting ) in accordance with Bulletin #3.5?
10
Does the department comply with the BDA requirements for utilization, reporting,
and VISION data entry requirements (re: BDA Quick Step Guide) as prescribed by
BGS-Office of Purchasing & Contracting?
11
Is the department aware BDA-1 is primarily for the purchase of goods /supplies
not available by contract (and under specific conditions ), and, is not to be used
for items such as personal services, utility payments, lodging, meals, postage,
membership fees, rental space, payments to other departments, etc.?
12Does the department comply with the purchasing, contractual, and grant
agreement requirements specified in F&M Policy #1: Suspension and Debarment?
Department:
FY 2017 Self-Assessment of Internal Control Questionnaire
Page 8 of 24
YES NO NA Section 1: Procurement & Accounts Payable
13
Are receiving reports or other procedures used to ensure that goods or services,
for which payment is to be made, have been verified and inspected by someone
other than the individual approving payment?
14
Does the department always use purchase orders when making payment against
a contract (including statewide contracts) in accordance with VISION Procedure
#3: Purchase Orders?
15Is the splitting of orders, to avoid higher levels of approval (e.g., BDA-1),
prohibited?
16Are purchases of "personal" greetings or acknowledgments prohibited in
accordance with F&M Policy #3: Personal Greetings/Acknowledgments?
17
Does the department ensure that all “food” purchases (e.g., direct payment, P-
Card, expense report, petty cash) are in accordance with the requirements of F&M
Policy #4: Department Provided Food & Refreshments?
18
In accordance with AOA Bulletin 3.4: Employee Travel & Expense Policy, does the
department prohibit* payment for any employee professional or occupational
licenses? [*Unless specifically allowed under Bulletin 3.4, collective bargaining agreements or
with the prior approval of the Commissioner of Human Resources based on a valid & binding past
practice.]
19 Is proper control maintained over vendor credit memos and returns of goods?
20
For fuel purchases, does the department utilize State contract vendors and verify
the accuracy of invoices using the fuel pricing information ('rack + mark-up')
maintained by BGS-Office of Purchasing & Contracting?
21 Does the department utilize the State of Vermont's Purchasing Card (P-Card)?
22Does the department reconcile the P-Card billing statement to original sales slips,
invoices, register receipts or purchasing card slips?
Invoice Processing
23 Are all invoices received in a central location, such as the accounting unit?
24 Are invoices date stamped upon initial receipt?
25Are all invoices reviewed and approved (i.e., signed or initialed) by an authorized
person prior to voucher entry in VISION and payment?
26
Does the business office maintain an up-to-date listing of specific employees/
positions who can authorize purchases & approve invoices (including any
limitations to their authority )?Note: This question does not pertain to VISION voucher approval or security levels.
27
For vendor set-up or maintenance issues, does the department refer to F&M's
guidance VISION Vendor Set-Up, W-9 Forms and Reportable Payment
Processing - FAQs?
28
Does the department urge vendors (including contractors & grantees) to enroll in
Automated Clearing House (ACH) payments as the State’s preferred payment
method?
Page 9 of 24
YES NO NA Section 1: Procurement & Accounts Payable
29
Is the department aware that the State Treasurer's Office maintains a Vendor
Portal website for vendors to view information about their electronic payment
(ACH or wire) history?
30
Does the department ensure that payables interfaced into VISION from a
departmental sub-system comply with all applicable VISION voucher requirements
including but not limited to purchase orders, contract payments, BDAs, 1099-Misc
reportable items, and vendor payment terms?
31Are payments made only on the basis of original invoices (including electronic
invoices) and to vendors identified on the supporting documentation?
32
When the department finds that vendor address information in VISION does not
match the vendor address listed on an invoice, are appropriate steps* taken to
ensure the vendor record is updated in VISION prior to payment being issued? [*
i.e., W-9 received from vendor, Vendor Request Form submitted to F&M]
33
Do invoice processing procedures provide for detailed examination and
comparison of invoice quantities, prices, and terms with those indicated on the
requisition, purchase order, and receiving reports, as applicable?
34
Does the department adhere to the “one invoice – one voucher” requirement and
not split a vendor’s invoice into multiple VISION vouchers (except for invoices that
span fiscal years per VISION Year End Closing Instructions)?
35
If payment for a departmental contract is made without use of a purchase order
(or the PO is entered without a contract) does the department submit a request to
F&M-Financial Operations to adjust the contract balance?
36Do invoice processing procedures require all invoices to be fully itemized in
accordance with 32VSA§463?
37Do invoice processing procedures provide for checking the accuracy of
calculations, as appropriate?
38Are invoices and vouchers reviewed and approved for completeness of supporting
documents and chart of account accuracy?
39
Do departmental procedures generally prohibit the same employee from
performing all three functions of entering, approving and budget-checking a
VISION voucher?
40
When processing invoices for 1099 reportable vendors*, does the department
ensure the accuracy of the reportable and non-reportable line items on the
"Withholding" page of the VISION voucher?[* For more information refer to the job aid VISION Vendor Set-Up, W-9 Forms and Reportable
Payment Processing - FAQs and/or the VISION Accounts Payable training manual - page 81]
41When processing invoices that pertain to a prior fiscal year, does the department
enter the "PY" prefix* in the invoice field of the VISION voucher?[* For more information refer to Operational Guidance #4: Prior Year Payables]
42
Except for the “PY” prefix (when applicable ), does the department refrain from
entering any information other than the vendor’s invoice number in the invoice field
of the VISION voucher?(re: to enhance VISION's duplicate payment functionality and vendors' payment posting)
Page 10 of 24
YES NO NA Section 1: Procurement & Accounts Payable
43
Unless a valid and documented business reason exists, does the department's
business practices prohibit the changing of the vendor's payment terms on the
VISION voucher to DUE NOW (i.e., NET00-pay immediately)? Note: For more information refer to F&M Policy #5: Payment Terms
44Does the department have procedures in place to take advantage of vendor
discounts?
45
Does the department have procedures to minimize the risk of duplicate payments,
including instructing AP staff not to alter any of the four key matching criteria (i.e.,
vendor ID, invoice number*, invoice date, gross amount) used for VISION’s
duplicate invoice checking functionality? [*except "PY" prefix]
46Is there a procedure for ensuring that all posted processed vouchers have been
paid?
47Are all vouchers and supporting documents retained in accordance with VISION
Procedure #2: Records Retention?
Petty Cash
48Does the department have a petty cash fund? [Note: This includes any petty or
imprest cash fund that was established through an advance of funds to support various
operating and programmatic activities.]
If the answer to the above question is "NO" then skip to the "Employee Payroll and
Expenses" section below.
49 Is one employee assigned responsibility as custodian of the fund?
50Are petty cash funds only used for allowable purposes in accordance with VISION
Procedure #5: Petty Cash?
51
Does the department have written procedures for the fund (besides VISION
Procedure #5 ) defining the custodian's responsibilities, primary uses of the fund,
timelines, and safeguarding of the fund?
52Are petty cash funds, including all checks, maintained in a secure location (e.g.,
locking cabinet, desk, or safe) under the control of the custodian?
53Prior to replenishing the fund, is a reconciliation (back to the fund's authorized
amount) performed by the custodian and approved by a supervisor or manager?
54Does the department comply with the Check Cashing Procedure for petty cash
replenishments?
55Are all petty cash funds replenished at least annually (preferably prior to fiscal
year-end)?
56Is a petty cash log maintained (to include receipts, purpose, reimbursee, date) for
each disbursement?
57Does the department periodically perform unannounced counts (or reviews) of the
fund by someone other than the custodian?
58 Is there a maximum amount for individual payments from the fund?
Page 11 of 24
YES NO NA Section 1: Procurement & Accounts Payable
Employee Payroll & Expenses
59
Does the department comply with the requirements of DHR Policy 11.10: Time
Entry and Approval to ensure the timely & accurate submission and approval of
employee timesheets?
60Are all employee timesheets reviewed and approved by an appropriate
supervisor?
61
For effective timesheet review, does the department provide supervisors adequate
guidance on the correct use of time reporting codes (TRC), task profiles &
combination codes, and adherence to deadlines?
62Are changes to a submitted timesheet made by either a supervisor or delegate
documented in the “Comments” field?
63To the extent practical, are overtime hours approved in advance by an appropriate
supervisor?
64
Do supervisors actively monitor employee's leave balances and work with their
employees to ensure accruals remain at manageable levels and that future
staffing needs aren't placed at risk?
65
In accordance with the Secretary of Administration's Directive Memo (7/30/14),
does the department prohibit the use of gift cards (pre-paid credit cards, gift
certificates, etc.) as a form of employee recognition or merit award?
66
In accordance with AOA Bulletin 2.3: State Vehicles Policy (re: Appendix A), for
employees authorized to commute in a State vehicle (e.g., "take-home vehicle")
does the department have procedures in place to capture and report all
commuting that does not meet one of the allowable IRS exclusions to VTHR as a
taxable employee fringe benefit? [Note: Unauthorized commuting and all other personal
use of State vehicles is strictly prohibited by the Bulletin.]
67
Does the department have a process to ensure that all employees (and their
supervisors) who travel for State business, or incur other reimbursable expenses,
are aware of and familiar with the AOA Bulletin 3.4: Employee Travel & Expense
Policy?
68
Are all employee expense reimbursements (travel and non-travel, excluding DHR
Tuition Reimbursement ) processed through the VISION Expense module, not the
Accounts Payable module?
69
In accordance with AOA Bulletin 3.4, does the department require completion of
the “Tuition Assistance Employee Certification” form for all department provided
tuition assistance (direct pay to educational institution or employee
reimbursement)?
70
Do departmental procedures ensure the three key roles of employee expense
report processing...1) Employee submission, 2) Supervisor review and approval,
and 3) Expense Coordinator review and final approval...are performed by
different people?
Page 12 of 24
YES NO NA Section 1: Procurement & Accounts Payable
71
When F&M (VISION Support) provides expense coordinators with general
information or guidance regarding employee expenses (e.g., "please share with
your employees" ), does the department have a process in place to disseminate
this information to its employees?
72
When reviewing and approving expense reports does the department verify the
accuracy and completeness of the data including all required receipts and
supporting forms?
73
Does the department have a process to verify that expense reports submitted in
the VISION Expense module were not paid using a State Purchasing Card (P-
Card)?
74
Does the department ensure employee meal reimbursement requests are
allowable under the applicable collective bargaining agreement and, if so, that
amounts do not exceed maximum reimbursement rates and travel times & meal
locations are documented on the expense report?
75
Does the department provide guidance and monitoring of employee mileage
reimbursements to ensure use of the appropriate full or reduced mileage rate on
the expense report?
76
Per Bulletin 3.4, does the department prohibit the use of employee reimbursement
as a purchasing method for non-travel business expenses exceeding $200
(except in emergency situations or with the department head's prior
authorization )?
77
Does the department remind and urge employees to submit their expense reports
within 20 calendar days of when the travel/expense was incurred, but no less
frequently than monthly (in accordance with AOA Bulletin 3.4)?
78Before approving an expense report does the department verify that, when
applicable, the employee has copied it from an approved travel authorization?
79Before approving an expense report does the department verify that the employee
has applied related and/or outstanding cash advances to the report?
80
For all expense reports submitted more than 60-days after the travel was
completed or expense incurred, does the department require completion of the
“Explanation of Late Filing” form?
81
Do expense coordinators proactively manage expense report submissions and
approvals throughout the month to minimize the need for deletion of expense
reports at month-end (and subsequent re-entry in the following month)?
82
Are supervisors aware that expense reports must be approved within 7 calendar
days of employee submission or, for planned absences, ensure that an alternate
approver has been setup in VISION?
83Does the department require separating employees (resign, transfer, retire, etc.)
to submit any outstanding expense reports prior to their exit date?
Page 13 of 24
YES NO NA Section 1: Procurement & Accounts Payable
84
Is all out-of-state (or country) travel authorized in advance in accordance with the
requirements of AOA Bulletin 3.4 (re: who may authorize the travel and the
approval method )?
85
Before approving a travel cash advance does the department verify that the
employee has an approved on-line Travel Authorization in the VISION Expense
module?
86Does the department enforce the $200 minimum threshold (per AOA Bulletin 3.4)
for all travel cash advances?
87Does the department ensure that travel cash advances are issued no sooner than
30 days prior to the travel start date (per AOA Bulletin 3.4)?
88
Does the department comply with VISION Procedure #9: Travel Cash Advance
Management to ensure cash advances in excess of expenses incurred and
delinquent advances are properly reimbursed by the employee back to the State,
and accounted for and closed in VISION?
89
Has the department made its employees aware that 1) expense reports submitted
more than 60-days after the expense was paid or incurred and/or 2) cash
advances not re-paid within 120 days after the completion of travel will be
recorded as taxable income to the employee and payroll taxes withheld (employee
and department) in accordance with IRS Accountable Plan rules?
90
When reviewing expense reports, do expense coordinators verify the Billing Type
field (non-taxable vs. taxable) is accurate and in accordance with Bulletin 3.4? [For
more information refer to VISION Job Aid: Taxed Employee Expense Reimbursements.]
91
For third-party reimbursements, does the department comply with the
requirements of AOA Bulletin 3.4, including prior authorization and (as applicable)
use of the form “Authorization of Employee Expenses to be Paid by a Third-Party
Organization”?
Page 14 of 24
-
If completing in Excel, use the drop-down box in the appropriate column to select/change your response.
YES NO NA Section 2: Accounts Receivable & Cash Receipts
Accounts Receivable
1
Does the department bill and/or collect significant monies (i.e., in excess of
$10,000 annually) from customers, clients, grantor organizations (including federal
agencies), or other sources?
If the answer to the above question is "NO" then skip to the "Cash Receipts"
section below; although the department should still ensure compliance with any
applicable policies or procedures.
2
Does the department have written policies and procedures defining
responsibilities for preparing bills, recording accounts receivables, recording
payments, collecting the accounts, and follow-up of delinquent accounts?
3Are the responsibilities for billing, collections, and posting to the accounting
records generally performed by different people?
4 Does the department maintain and record all accounts receivable in VISION?
5
Does the department's frequency of federal draws meet or exceed the minimum
requirements established in F&M Policy #2: Cash Management for Federal
Funds?
6 Does the department have a written policy regarding write-offs?
7Does the department have written policies and procedures concerning refunds of
overpayments and billing adjustments?
8Are charges for goods or services based on authorized fees and rates, where
applicable?
9Does the department periodically provide statements of account balances to
customers?
10Is an aging schedule prepared monthly and, if so, is it reviewed by a responsible
manager?
11Does the department have a written procedure for preparation of the CAFR-1
Form (yearend accounts receivable worksheet)?
12Does the department retain detail reports or listings to support each amount
reported on the CAFR-1 Form?
13Does the department take appropriate action, and document its efforts, to collect
on account balances that are past due?
14Does the department use an allowance account for doubtful or uncollectible
accounts?
15If so, does the department have a written methodology for calculating the
allowance for doubtful or uncollectible accounts?
Cash Receipts
16
Are responsibilities for collection and deposit preparation functions adequately
segregated from those for recording cash receipts and posting to the accounting
records?
17 Are all funds received deposited in a prompt manner (at least weekly)?
18When funds cannot be deposited daily, are the funds adequately secured in a
locking cabinet, desk, or safe?
FY 2017 Self-Assessment of Internal Control Questionnaire
Department:
Page 15 of 24
YES NO NA Section 2: Accounts Receivable & Cash Receipts
19 Are restrictive endorsements placed on incoming checks as soon as received?
20
When in possession of a VISION vendor check that has been issued in error or is
no longer valid, does the department return the check to the Office of the State
Treasurer for voiding in accordance with the requirements of VISION Procedure
#8: Void Check?
21
Does the department routinely search the State Treasurer's Office "Unclaimed
Property" website and file a claim form for any financial property belonging to the
department?
22 Does the department issue receipts for all cash collections?
External Bank Accounts
23Does the department have any external bank accounts (including for petty cash
funds ) which are maintained and managed directly by the department?
If the answer to the above question is "NO" then omit the remainder of the
questions in this section.
24Was approval obtained from the State Treasurer's Office to establish the bank
account in accordance with Title 32 V.S.A. §431?
25Are responsibilities for preparing and approving bank account reconciliations
segregated from other cash receipt or disbursement functions?
26 Are all bank accounts reconciled within 30 days of the statement date?
27 Are all shortages or overages investigated and, to the extent possible, corrected?
28Is NSF (not sufficient funds ) check follow-up done by someone independent of
the processing and recording of cash receipts?
29Do any of these accounts include funds held by the department in custody for
others (client funds, bail, escrow, etc.)?
If the answer to question #29 is "YES" then answer the following question,
otherwise omit the next question.
30Does the department maintain a separate record of balances and activity for each
individual or entity?
Page 16 of 24
-
If completing in Excel, use the drop-down box in the appropriate column to select/change your response.
YES NO NA Section 3: Fixed Assets
1
Does the department adhere to the asset capitalization thresholds specified in
VISION Procedure #1: Asset Management to determine whether an asset needs to
be capitalized and recorded in the VISION Asset Management module?
2Does the department have an individual assigned responsibility for fixed asset
accounting?
3Does the department have formal written procedures for performing the required
annual physical inventory?
4Are all asset purchases and receipts approved by a designated person with proper
authority?
5
When recording the acquisition cost of a capital asset, does the department
include all directly attributable ancillary charges (e.g. freight, assembly, installation,
etc.) necessary to place the asset into its intended location and condition for use,
in accordance with VISION Procedure #1?
6
Are all capital asset acquisitions, including capital leases and computer equipment
>$1,000, recorded in the VISION Asset Management module within 30 days of
acquisition (or for constructed assets within 60 days after the asset is ready for its
intended use) in accordance with VISION Procedure #1?
7
Does the department have a process to accumulate costs (including staff/payroll
costs) and maintain supporting documentation for construction-in-process (CIP)
projects, including major IT projects, in order to accurately reflect the total cost of
the asset and comply with financial reporting requirements?
8
Does the department ensure that all asset additions, adjustments, deletions, and
retirements are processed through the VISION Asset Management (AM) module
(to maintain integrity between AM and the general ledger )?
9Is the responsibility for conducting the physical inventory assigned to someone
other than the custodian of the assets?
10Are all capital assets tagged (where practicable) with a unique department
identification number?
11 Is there adequate physical security surrounding the fixed asset items?
12 Are department personnel aware that personal use of equipment is prohibited?
13
Does the department maintain a list(s) of keys and lock combinations assigned to
employees (and contractors) that is inclusive of the department’s entire
operations?
14Does the department have a process to evaluate asset utilization to determine
whether the asset is considered excess or surplus property?
15 Are all asset disposals approved by a designated person with proper authority?
16 Are gains or losses properly recognized from disposals of fixed assets?
17Does the department investigate un-located assets, document their findings, and
take appropriate action?
18If non-capital assets are maintained in VISION are they tagged with a unique
department identification number?
FY 2017 Self-Assessment of Internal Control Questionnaire
Department:
Page 17 of 24
-
If completing in Excel, use the drop-down box in the appropriate column to select/change your response.
YES NO NA Section 4: Inventory
1
Does the department have any significant inventories (i.e., combined value
greater than $10,000, regardless of physical locations) intended for sale or use in
the delivery of goods or services?
If the answer to the above question is "NO" then omit the remainder of the
questions in this section.
2Does the department have written policies and procedures to control and monitor
inventories?
3Does the department maintain perpetual inventory records and are all inventory
items put on a perpetual inventory system?
4 Is there adequate physical security surrounding inventories?
5 Is a physical inventory taken at least annually?
6Are physical inventories supervised by someone independent of the custodial or
record keeping functions?
7Are physical inventories ever performed by individuals independent of the
department being inventoried?
8Are physical inventory count sheets signed, dated by the person supervising the
counts and retained according to the State's record retention procedure?
9 Does management assess inventory policies and procedures periodically?
FY 2017 Self-Assessment of Internal Control Questionnaire
Department:
Page 18 of 24
-
If completing in Excel, use the drop-down box in the appropriate column to select/change your response.
YES NO NA Section 5: Grants Administration
1 Does the department issue grants (from any funding source)?
If the answer to the above question is "NO" then omit the remainder of the
questions in this section.
2
Does the department conduct a pre-award eligibility and risk assessment in
accordance with Agency of Administration Bulletin 5: Policy for Grant Issuance
and Monitoring, Section V and Bulletin 5's Procedure #1: Pre-Award Eligibilty?
3Does the department use the grant award documents (Parts 1 and 2) as required
in Bulletin 5, Section V?
4Does the department enter all grant awards in the VISION Grant Tracking module
within 10 days of grant execution?
5Does the department have an approved Granting Plan on file in accordance with
Bulletin 5, Section IV?
6
Does the department review its Granting Plan annually (by May 15th) to either a)
certify the existing plan is current or b) update and submit it for re-approval to
F&M, in accordance with Bulletin 5, Section IV and the Bulletin 5 Granting Plan
Supplement?
7Does the department code its payments to grantees in accordance with Bulletin 5,
Section VII?
8Does the department run VISION queries at least quarterly to identify
subrecipients who require a single audit or who are in a delinquent status?
9
Does the department review the single audit reports of all its subrecipients, even
when not designated as the primary pass-through entity, in accordance with
Bulletin 5, Section VIII and Bulletin 5's Procedure #2: Single Audit Review?
10Does the department document its monitoring activities in an official grant file and
in the VISION Grant Tracking module when applicable?
FY 2017 Self-Assessment of Internal Control Questionnaire
Department:
Page 19 of 24
-
If completing in Excel, use the drop-down box in the appropriate column to select/change your response.
YES NO NA Section 6: Budgeting
1
Does the department use forecasting methods such as statistical modeling, trend
analyses, historical data, etc., to develop its annual budget and monitor
performance against budget?
2
Does the department have mechanisms in place to verify that spending authority
budgeted from federal grants and other non-General Fund sources are supported
by reasonable revenue estimates based on the best available information?
3
Are specific staff assigned responsibility to regularly (preferably monthly or more
often, but at least quarterly) compare actual expenditures & revenues with
budgeted amounts throughout the year?
4 Does management review these comparisons?
5If so, are explanations sought for significant or unusual variances (surplus or
deficit) and notice and corrective action taken as appropriate?
6
Does the department ensure that all VISION purchase orders 'rolled' from one
fiscal year to the next represent valid encumbrances in accordance with generally
accepted accounting principles?
FY 2017 Self-Assessment of Internal Control Questionnaire
Department:
Page 20 of 24
-
YES NO NASection 7: General Elements of Internal Control
[to be answered from a department-wide perspective]
Control Environment
1Does the department have a written mission statement containing the purpose,
goals, and objectives?
2 Does the department have an up-to-date organization chart?
3Does the department encourage written policies and procedures for all major
areas of the department?
4 Does the department encourage regular staff meetings?
5Are the department's financial operations centralized, or if de-centralized are
activities routinely monitored by a central office?
6Have managers been provided with clear goals and direction from the governing
body or top management?
7
Does the department have a structured orientation process to inform new hires of
relevant statewide & departmental policies, procedures, and expectations for state
employees?
8
Does management effectively communicate expectations for employee conduct to
staff in accordance with the guidelines established in DHR Policy #5.6: Employee
Conduct?
9Do all supervisors and managers have sufficient working knowledge of the State's
personnel policies and procedures?
10Are sufficient training opportunities provided to improve competency and update
employees on policies and procedures?
11Does the department have a written "fraud" policy that focuses on the
department’s employees and its internal operations?
Does the department periodically remind and urge employees to report suspected
fraud, waste or abuse to department management, or to the State Auditor's Office
Confidential Line?
[For additional information refer to DHR's Reporting Fraud: Employee Whistleblower
Protection]
13Does the department have a functioning internal audit staff to review the
operations of the department?
14If so, does the internal audit staff report to an official independent of the
operations under review?
Risk Assessment
15
Does management utilize methods such as cross-training, strategic hiring
practices, detailed procedure documentation, enhanced supervision, etc. to help
mitigate the risk associated with sudden or significant changes in key personnel?
16
In the event of an emergency, has management considered contingency plans
(e.g., continuity of operations plans ) to ensure the continuity of mission critical
functions and services?
FY 2017 Self-Assessment of Internal Control Questionnaire
If completing in Excel, use the drop-down box in the appropriate column to select/change your response.
Department:
12
Page 21 of 24
YES NO NASection 7: General Elements of Internal Control
[to be answered from a department-wide perspective]
17
For their areas of responsibility, do managers attempt to identify the department's
exposures to fraud (i.e. how fraud could be committed ) and the symptoms that
might indicate fraud has occurred?
18
Are employees encouraged to take earned vacation time in order to improve
operations through cross-training while enabling employees to overcome or avoid
stress and fatigue?
19Does management identify and analyze risks relating to change, such as new
technology, new regulations, restructuring, and rapid growth?
20Does the department have a process in place to identify new (or changed) laws or
statutory requirements that could affect the department's operations?
21Before committing resources to new projects or initiatives, does management
assess the potential impact on its current operations?
Control Activities
22
Does the department submit the form Delegation of Authority for Signature
Authorization (re: addendum to AOA Bulletin 3.3) to F&M annually (by the required
due date) and whenever there is a change in the department's Appointing
Authority or their exempt designee(s)?
23
Does the department submit the appropriate VISION Security Forms whenever
there are internal staffing or organizational changes that impact employees’
VISION related responsibilities?
24To the extent possible, are responsibilities divided so that no single employee
controls all phases of a transaction?
25
Do employees assigned responsibility for approving VISION transactions have
sufficient knowledge of the chart of accounts, appropriation detail, accounting
principles and the department's operations to validate the accuracy of all VISION
chartfield coding?
26
Unless all transactions are already approved by a senior manager, does the
department require transactions exceeding a specified dollar threshold to be
escalated to a higher-level manager for additional approval?
27Are there documented procedures for all of the department's critical functions and
key activities?
28Does management ensure staff are provided with all pertinent policies &
procedures which may affect performance of the employee's duties?
29
Are policies & procedures reviewed at least annually (and updated as necessary )
to ensure they are still relevant and in conformance with governing laws or
regulations?
30
Are all departmental accounting systems that are maintained outside of VISION
reconciled to the VISION system at least annually in accordance with the fiscal
year-end closing instructions?
31
When an employee leaves State service, or transfers to another position, does the
department complete and retain an "employee separation checklist*" (or similar) to
help ensure the State's assets and systems are protected and that all State
owned property is returned?* Refer to F&M Best Practice #8: Employee Separation
Page 22 of 24
YES NO NASection 7: General Elements of Internal Control
[to be answered from a department-wide perspective]
32Do policies and procedures address the handling of confidential or sensitive
information such as social security numbers or protected health information?
Communication and Information Systems
33
Does management effectively communicate expected behaviors to staff in
accordance with the rules established in DHR Policy #11.7: Electronic
Communications and Internet Use?
34Are controls in place to ensure information systems and data are protected from
unauthorized access, theft, or malicious acts?
35Do information systems' controls effectively prevent and/or detect missing or
invalid data?
36Are critical data files backed up and stored in a separately secure area to provide
for a full recovery of the data, if necessary?
37 Do only authorized staff have information system override privileges?
38 Does the department have a comprehensive policy on password protection?
Monitoring
39Is the internal control structure supervised and reviewed by management to
determine if it is operating as intended?
40Does management solicit input from staff on opportunities to improve the
effectiveness of controls?
41Does the department use performance-based data or other measures to annually
compare its actual performance with programmatic goals and objectives?
42
Does the department distribute copies of internal/external audit reports & reviews
to appropriate staff and ensure that any required corrective action is taken in a
timely manner?
43
Does the department submit copies of external audit reports, including any
substantiated fraud, to the Dept of Finance & Management (F&M) as required by
F&M Policy #7: External Audit Reports?
44Does the department have a process to obtain assurance that corrective action
for prior-year audit findings has been completed?
45
If the department expends federal funds, does it comply with the reporting
requirements of the Federal Funds Accountability and Transparency Act (FFATA)
as reflected in F&M Policy #8: FFATA Compliance?
46
Does the department comply with the requirement to submit an updated
Identification of Confidential Expenses Form to F&M whenever a new confidential
VISION expense account(s) is identified and before incurring any expense in that
account(s)?
47
Does the department utilize external data or sources (e.g. peer groups, surveys,
industry standards, etc.) to corroborate the validity of internally generated
information?
48Does the department actively monitor staff who perform vital functions, especially
in those areas where non-performance could adversely affect risk?
Page 23 of 24
Department:
1. Person responsible for completing the questionnaire:
Printed Name & Title
2. Appointing Authority responsible for certifying the questionnaire:
Printed Name & Title of Appointing Authority - then complete certification below
*
Important: As Appointing Authority please select option '2A' or '2B' to complete certification.
2A.
➢
**
2B. Signed Certification Option for Appointing Authority
Appointing Authority Signature & Date
Kevin Gilman
Dept of Finance & Management
Financial Operations Division - 4th Floor
109 State Street, Montpelier VT 05609-5901
Email: [email protected]
Please return this certification with your Self-Assessment Questionnaire by MAY 8, 2017 to:
For this certification, Appointing Authority refers to elected officials, agency secretaries and department
commissioners, or, heads of branches, divisions, boards, and commissions not reporting to a department
commissioner or agency secretary; this certification responsibility cannot be delegated to Deputies or
others.
Electronic Certification Option for Appointing Authority**
By checking this box (with a left mouse click ), I authorize the Dept of Finance & Management to accept
this document transmitted from my State email account as our official submission. In addition, I certify
that my name as typed above shall be treated as my written signature for the purposes of certifying this
document.
Important: To electronically certify, the above box must be checked AND the file must be sent
directly from the Appointing Authority's State email account to F&M.
Note: Email submissions from the Appointing Authority's delegate (i.e., On Behalf of) or others are NOT permitted.
If the electronic certification option above is NOT used, then this Certification Form must be signed
below by the Appointing Authority and mailed (or scan-email) to F&M at the address below.
To Complete Electronic Certification: Check the box in 2A, then click the 'Submit Form' button in the upper
right corner to return the file to F&M
"As the Appointing Authority*, I certify, to the best of my knowledge, that the answers provided in
this Self-Assessment questionnaire are an accurate representation of the operations of this
department."
FY 2017 Self-Assessment of Internal Control Questionnaire
Certification Form
Page 24 of 24